I'm trying to configure SSL encryption for my Splunk Light VM instance.
Here is my web.conf file:
[settings]
enableSplunkWebSSL = 1
httpport = 443
privKeyPath = <$SPLUNK_HOME/etc/auth/omniCerts/splunk.lab.omni.key>
serverCert = <$SPLUNK_HOME/etc/auth/omniCerts/splunk.lab.omni.pem>
Both .key and .pem files are owned by splunk:splunk and have read priv for all. I followed the instructions at (http://wiki.splunk.com/Community:SplunkWeb_SSL_SelfSignedCert_NewRootCA), except for the actual generation and signing of the cert. I have my own Internal CA that I issued the splunk cert with. I created the .pem file by concatenating the splunk.lab.omni.crt file with my CA's .crt file (server first, then root CA).
I don't have enough karma to attach files, so if you want my web_services.log file, I'm not sure how to show it other than a big messy post. I don't see any errors. It acknowledges my .pem and .key files. When I restart splunk, everything passes except at the end it hangs at "Waiting for web server at https://127.0.0.1:443 to be available.." Web access times out, and netstat shows a "CLOSE_WAIT" as the status of my attempted connection.
Any idea what is wrong??
Actually, it was the <> surrounding the file paths that is the culprit. Removing them fixed the issue.
I had referenced this page (https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/SecureSplunkWebusingasignedcertificate), which shows these brackets surrounding the file paths in the "Configure Splunk Web to use the key and certificate files" section. Perhaps this document should be amended?
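The check below is an added example, not part of the original thread and not Splunk's own code: it parses the [settings] stanza of a web.conf and flags privKeyPath / serverCert values that still carry the documentation's <> placeholder brackets, or that point at a missing or unreadable file. The function name check_web_conf, the temporary directory standing in for $SPLUNK_HOME, and resolving relative paths against $SPLUNK_HOME are assumptions; the sample config is the one posted in the question.

```python
import configparser
import os
import tempfile

PATH_KEYS = ("privKeyPath", "serverCert")

def check_web_conf(text, splunk_home):
    """Return (key, problem) findings for the [settings] stanza (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: privKeyPath, not privkeypath
    cp.read_string(text)
    if not cp.has_section("settings"):
        return [("[settings]", "stanza missing")]
    findings = []
    for key in PATH_KEYS:
        value = cp.get("settings", key, fallback=None)
        if value is None:
            continue
        value = value.strip()
        if value.startswith("<") or value.endswith(">"):
            # Placeholder brackets copied from the docs become part of the path.
            findings.append((key, "angle brackets are part of the value"))
            continue
        # Assumption: relative paths are resolved against SPLUNK_HOME.
        path = os.path.join(splunk_home, value.replace("$SPLUNK_HOME", splunk_home))
        if not os.path.isfile(path):
            findings.append((key, "file not found: " + path))
        elif not os.access(path, os.R_OK):
            findings.append((key, "file not readable: " + path))
    return findings

# The configuration from the question, and the same file with the brackets removed.
BROKEN = """[settings]
enableSplunkWebSSL = 1
httpport = 443
privKeyPath = <$SPLUNK_HOME/etc/auth/omniCerts/splunk.lab.omni.key>
serverCert = <$SPLUNK_HOME/etc/auth/omniCerts/splunk.lab.omni.pem>
"""
FIXED = BROKEN.replace("<", "").replace(">", "")

def demo():
    """Build a constructed SPLUNK_HOME with empty key/cert files and check both configs."""
    with tempfile.TemporaryDirectory() as home:
        cert_dir = os.path.join(home, "etc", "auth", "omniCerts")
        os.makedirs(cert_dir)
        for name in ("splunk.lab.omni.key", "splunk.lab.omni.pem"):
            open(os.path.join(cert_dir, name), "w").close()
        return check_web_conf(BROKEN, home), check_web_conf(FIXED, home)

if __name__ == "__main__":
    for label, result in zip(("broken", "fixed"), demo()):
        print(label, result)
```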
If you can send that pointer to the Docs team they will check it out! There's a box at the bottom of docs pages to submit comments or feedback.
PS you can accept your own solution for karma points 🙂
Hey @Willman42, here's some further documentation. https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/SecureSplunkWebusingasignedcertificate I'm not an expert (just an Answers moderator), but I do see a discrepancy in your enableSplunkWebSSL = 1 line -- it says "true" in the documentation. Hope this helps! If you'd like to include the web_services.log file and can remove any materials that could be privacy sensitive I can attach that for you.
Also, I tested using a .crt file in the serverCert field of my web.conf file, and it works fine. So Splunk does NOT need a .pem file here, nor does it need the CA's certificate concatenated with it. Perhaps this should be reflected in Splunk documentation as well.
Oh I see. I'm not sure how it was set to 1 because I never edited that line. I see also in my $SPLUNK_HOME/etc/system/default/web.conf that it is set to boolean as well. Thanks for the pointer!
I have the following setup but it still doesn't work. What am I missing? Appreciate suggestions!
httpport = ( 443, 8000 or not set)
https:// (internal or external):httpport
[settings]
enableSplunkWebSSL = ture
httpport = 8000
privKeyPath = <$SPLUNK_HOME/etc/auth/omniCerts/splunk.lab.omni.key>
serverCert = <$SPLUNK_HOME/etc/auth/omniCerts/splunk.lab.omni.pem>
./splunk restart splunkd